Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's
Author Message
hlr559
New Member
New Member


Joined: Sep 28, 2004
Posts: 4

PostPosted: Tue Sep 28, 2004 6:18 pm Reply with quote

publicly hosted *nix Server #1 will have phpNuke. User logs in to Server #1 as 'John' with password 'Smith', clicks on a link pointing to Server #2 (w/o phpNuke and private at company main offices).

Suppose link is Only registered users can see links on this board! Get registered or login! and Server #2 is Apache php mysql.

How do I safely configure each server so that so that:

(1) There is no authentication login prompt for accessing the page on Server #2 from Server #1 as described.

(2) Just opening a brower and pasting "https://www.server2.com/link123.htm" into the address bar WILL cause a login authentication to show.

(3) What kind of authentication is best for Server #2: basic?, mysql?, DBI? because we want authentication normally to work like mod_auth_mysql.

How can this be done?

Thanks in advance.
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Sep 28, 2004 7:02 pm Reply with quote

This response assumes that you have secured phpnuke to correctly handle legitimate users. With that assumption, then
- The link to server #2 can pass the username and password to server 32 to be authenticated.
- You could have an admin table in server #1 that is for only legitimate users of the ssl link. Then, when that link is clicked, a check is made to the allowed_users_table and unless that phpnuke user is also in that table, the link dies.
- Utilize a 'Group' that only has access to that link. The link isn't even displayed unless you are a member of that group.

There are other possibilities, but I'm sure you get the picture. You could also look into serializing a special cookie as added protection.
 
View user's profile Send private message
hlr559
PostPosted: Wed Sep 29, 2004 6:11 am Reply with quote

I know that a url/link can be constructed as follows:
Only registered users can see links on this board! Get registered or login!

I assume you are referring to this construct (Don't know if I have it exactly correct)

From my limited testing pasting this into the address bar of my browser, the authentication box still pops up but it requires only an enter key. Maybe because site #2 uses mod_auth_mysql and not basic authentication.

Any insights into preventing this 2nd box? Maybe we should switch to basic auth if that is a bettersolution. We did not plan on phpNuke for server #2, but would that help with the solution?

Thanks for your input.
 
Raven
PostPosted: Wed Sep 29, 2004 7:07 am Reply with quote

Of course this all depends on the level of security that is needed on server #2. But, I was thinking more along the lines of basic auth and a link like Only registered users can see links on this board! Get registered or login! Then, your basic auth routine would decode the encoded_string and determine if it passes and if not then basic auth would pop-up.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©